1. Field of the Invention
The present invention relates to an anonymous authentication service method of providing local linkability capable of supporting linkability within the same service domain while maintaining anonymity by altering a representative short group signature, among anonymous authentication schemes.
2. Description of the Related Art
In general, a person may be requested to verify his personal identity or his electronic signature for important transactions such as financial transactions, or the like, on the Internet, or may use electronic certificates based on a PKI (Public Key Infrastructure) to verify his identity and authentication to use a particular service.
The PKI-based electronic certificates allows only a person who retains a secret key to generate an electronic signature, and because the probability that a person who does not have the secret key may forge the electronic signature is as low as to be negligible, the PKI-based electronic certificates enables very safe and convenient electronic signature and authentication.
However, certificates issued by an accredited certification body expose the real name of a user and include information for cryptologically ascertaining whether or not important personal information such as whether a resident registration number (or a social security number) is identical, or the like, providing information regarding who has generated particular electronic signature information, causing a problem with privacy.
Meanwhile, some services do not require users' personal identity verification, and simply checking whether or not the user is eligible to use a service (or whether or not the user is an adult) may be sufficient. To this end, anonymous authentication schemes have been studied, and a short group signature is a typical method therefor. Group signature schemes including a short group signature include basic functions for anonymity available for conditional tracing such as anonymity, traceability, unlinkability, and the like.
Among them, unlinkability means that even in the case that anonymous users perform anonymous authentications several times, a verifier (largely, a service providing server) cannot determine whether or not they are the same users. If the unlinkability function is not provided, every service usage pattern and the usage records of a particular user can be tracked. As the tracking records are accumulated, the user's anonymity becomes highly likely to be compromised, and when the real name of any one of the records is exposed, the overall anonymity is broken.
However, unlinkability may be very inconvenient when applied to a general Internet service.
In general, a service provider compiles statistics related to a service usage, works out a strategy, classifies a regular service user and a bad (undesirable or malicious) service user, and provides diverse services such as providing a specified service or restricting the use of services, and the like. However, information regarding service users based on the anonymous authentication scheme cannot be obtained, making it difficult to establish a service plan and strategy.
Thus, a novel anonymous service method that may satisfy such requirements although it slightly sacrifices the users' privacy is required.